SSA built a system to help combat identity fraud. Backers say it’s ‘at risk of collapse’

A federal service used by financial institutions to verify Social Security numbers, recently highlighted as a prime example for how the government could reduce improper payments and fraud, is at risk of a “death spiral” due to a steep increase in user fees, according to proponents of the system.

The Government Accountability Office is now conducting a review of the Social Security Administration’s electronic Consent Based Social Security Number Verification (eCBSV) program after lawmakers flagged concerns with cost overruns and price increases.

Meanwhile, it’s not clear whether eCBSV factors into a forthcoming SSA plan to make real-time Social Security number verification available to federal benefits programs.

Katie Wechsler, co-executive director of the Consumer First Coalition, said eCBSV is working well to provide financial institutions with real-time verification of Social Security numbers. The coalition’s members include banks, credit companies and other financial institutions.

But in testimony before a House Ways and Means Committee hearing late last month, Wechsler warned rising fees for eCBSV use are threatening the long-term viability of the system.

“I do not say this lightly: the eCBSV system is at risk of collapse if changes are not made,” she said.

Jeremy Grant, managing director at Venable and coordinator of the Better Identity Coalition, has similar concerns. The coalition advocates for government agencies that hold identity-related information, like the SSA, to offer digital identity services to consumers.

“My concern is this program could find itself going into a death spiral, where in an effort to try and recoup money already spent on the program, the rates keep going up, and then it keeps creating new incentives for industry not to use it,” Grant said in an interview.

Sean Brune, deputy administrator and chief information officer at SSA, told lawmakers during last month’s hearing that the agency needs to increase the fees to recover eCBSV costs within three years and comply with appropriations law.

He said SSA was in ongoing conversations with the Consumer First Coalition and other users to understand any potential barriers to the use of eCBSV.

“Our intent is to incentivize usage, thereby increasing the number of verifications and generating more fees,” Brune told lawmakers. “We’re open to further discussion with you about ways to resolve this challenge. And we do want to make it an efficient and effective service.”

In emailed responses to questions, SSA spokeswoman Nicole Tiggeman said appropriations law limits the amount of time the agency has to recover money used to build and operate eCBSV.

“We must increase the tier charges to recover funds so that we don’t use our administrative funds for non-mission eCBSV work and permanently reduce the amount of administrative funding available to serve the public,” she said.

Wechsler’s group is recommending Congress extend the time frame SSA has to recover the eCBSV costs to 10 years. She’s also recommending SSA and lawmakers work to expand use of the system beyond financial institutions.

So far, no lawmakers have put forward a bill or language that would address the eCBSV system.

“Our concerns is this tight timeframe for them to recover their costs is creating a vicious cycle,” Wechsler said. “It would be less users, and then the costs would have to increase again. So we want to work with SSA and Congress to make sure that does not happen, because that is in no one’s interest.”

Increasing eCBSV fees

Congress directed SSA to establish a fee-based, Social Security number verification database for financial institutions as part of the Economic Growth, Regulatory Relief, and Consumer Protection Act of 2018.

The system provides authorized users with an automatic “yes/no” answer to verify whether a customer’s Social Security number, name and date of birth match SSA records. It will also tell them if the provided information matches up with a deceased individual.

Users of the system need to obtain an individual’s consent, via a wet or electronic signature, before submitting that person’s information to the system.

SSA points out that the system is not an identity verification service by itself. But users of eCBSV say it’s helped combat against “synthetic identity fraud,” where an individual combines stolen information — like a real person’s social security number — with a fake name and date of birth to fraudulently create accounts or make purchases.

“eCBSV is effective, and it is working,” Wechsler said in an interview. “It’s just these pain points that we need to solve to ensure it continues on this path.”

When SSA launched eCBSV in 2020, SSA said it would charge new users a $3,693 administrative fee and returning users a $1,691 renewal fee. SSA also charged transaction fees, ranging from $400 for a user to submit up to 1,000 transactions, to $276,500 for users submitting between 200,000 and 50 million transactions.

Beginning in 2022, SSA eliminated the transaction fees, but began creating more tiers and increasing the transaction rates for high-volume users.

And as part of the most recent fee structure published in May, SSA raised the rates again for higher volume users. Those submitting between 15 million and 20 million cases will be subject to a $6.25 million annual fee; between 20 million and 25 million transactions will cost $7.25 million; and between 25 million and 75 million transactions will cost $8.25 million.

The new fee structure goes into effect in July.

The upshot, Wechsler pointed out during last month’s hearing, is that a user submitting 20 million cases this year will pay 22 times what they were charged in 2021 for the same number of transactions.

“Some users may stop altogether, and some may submit transactions only for high-risk scenarios,” she said. “That means fewer transactions, which could cause SSA to increase the fees, again, for the remaining users. That’s not viable.”

With SSA required by law to recoup the costs of eCBSV, a potential culprit behind the rising fees may be unexpectedly high price for developing and operating what Grant said was thought to be a “relatively simple” system.

In 2021, SSA estimated the development costs for eCBSV were $45 million. And in the May 2023 fee structure notice, SSA said the total cost of developing and operating eCBSV through the end of fiscal 2022 had risen to $53 million, with $38 million yet to be recovered through user fees.

“Industry is perfectly fine having all of this be reimbursable,” Grant said. “But if you’re dealing with a number much higher than anybody ever expected, and then you’re saying that the whole thing has to be recouped in three years . . . [then] the rates are getting so expensive that we think it’s unfortunately going to further disincentive use of the system.”

Tiggeman, the SSA spokeswoman, said the increasing eCBSV costs are due to “several factors, including longer enrollment roll out timeframes than anticipated and a requested dedicated eCBSV help desk.”

Plan to expand SSN verification

Even before SSA issued its most recent fee schedule, lawmakers had been seeking a review of eCBSV. Sens. Tim Scott (R-S.C.) and Mike Crapo (R-Idaho) in a September 2022 letter asked the Government Accountability Office to review eCBSV “cost overruns” and fee increases, among other issues.

“To fully realize the benefits of the eCBSV system and protect consumers from synthetic identity fraud, it is critical that SSA takes steps to make the eCBSV program as efficient and cost-effective as possible,” Scott and Crapo wrote.

The lawmakers also ask whether SSA could make some improvements to the system. Currently, eCBSV does not tell users whether a mismatch is due to fraud or an input error, like a nickname that doesn’t match up with SSA records.

A GAO spokesman confirmed the agency accepted the request, but noted the eCBSV review “just recently got underway.”

The challenges with eCBSV come after fraudsters used stolen social security numbers to steal potentially billions in COVID-19 relief funds.

The Pandemic Response Accountability Committee last year identified $5.4 billion in “potentially fraudulent” Small Business Administration loans that were obtained using more than 69,000 “questionable” social security numbers.

The PRAC alert specifically highlighted the need for “improving government information sharing,” noting that SBA did not have the ability to conduct comprehensive social security number checks when it faced a “deluge of applications” for COVID-19 relief.

“Nevertheless, the results of this fraud alert demonstrate the benefit of a consent-based verification process to authenticate basic applicant information — such as name, date of birth and Social Security Number — to ensure applicant eligibility and to prevent program and identity fraud,” the PRAC notice stated.

“Such an internal control, which we believe is a best practice, can be facilitated by legislative language requiring federal agencies to use a consent-based verification process when making applicant eligibility determinations and by authorizing SSA to verify information for this purpose,” the notice continued, specifically referencing the law that created eCBSV.

Linda Miller, founder and CEO of the Audient Group and former deputy executive director of the PRAC, pointed out longstanding cross-government information sharing challenges, such as the years it’s taken for the Treasury Department to gain access to SSA’s Master Death File.

And while social security number verification is “not panacea,” as it can’t detect a fully stolen identity, Miller said it is a “piece of a larger puzzle.”

“It’s definitely going to help a lot, because the fact that very little social security number checking is happening right now is being exploited by fraud actors with abandon,” she said.

As part of his testimony last month, Brune, SSA’s CIO, said the agency is working to expand social Security Number verification services to agencies that provide federal benefits.

“We intend to enable federal benefit programs to verify SSNs directly or through other federal agencies using real-time verification requests,” Brune said in his opening statement.

Brune did not specifically say whether SSA would make the eCBSV system available to agencies, or if it would use another method of verification.

Asked for more details, Tiggeman pointed to the Unified Agenda, which shows SSA plans to publish a notice of proposed rulemaking in early 2024 that will detail “the circumstances under which SSA may disclose SSN information to other federal agencies.”

“There is no additional information we can share at this time,” Tiggeman said.

While SSA’s plan is unclear, Grant said it makes sense to leverage the eCBSV system. “My take is, why would you not use common infrastructure for all of these queries?” he said.

The questions surrounding social security verification, Grant said, are emblematic of broader challenges in digital identity policy. The Better Identity Coalition and other groups recently pressed White House officials to launch a task force to guard against identity-related cybercrime and invest in “digital identity infrastructure.”

“This is sort of the Better Identity Coalition’s core thesis, which is, if I as an American have already gone through a process, whether it’s with SSA to have them give me a number, at the DMV to get a driver’s license, [or] with the State Department to get a passport, why can’t I ask those agencies to vouch for me when I’m trying to prove who I am online,” Grant said.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.